Squatting valid internal package names is a nearly sure-fire method to get into the networks of some of the biggest tech companies out there, gaining remote code execution, and possibly allowing attackers to add backdoors during builds.

How the OVO team created a model for delivering infrastructure changes with robust security practices, and used to it build a secure Terraform CI/CD solution for AWS.

Paper examining a common deployment of infrastructure as code via GitHub Enterprise and HashiCorp Terraform, explores an attack scenario, examines attacker tradecraft within the context of the MITRE ATT&CK framework, and makes recommendations for defensive controls and intrusion detection techniques.

AWS Audit Manager is not quite there yet. The intent of the service is clear and you can begin to see the foundation of what this service could be. There are a few gaps that AWS Audit Manager will have to continue to improve upon to make this service usable for its customers.

Why you should opt out of the AI data usage on AWS, how to do that, and how to confirm you did it correctly.

Tutorial that will teach you how to create a network policy using the Cilium Editor. It explains basic network policy concepts and guides you through the steps needed to achieve the desired least-privilege security policy.

What the Kubernetes audit logs are, what information they provide, and how to integrate them with Falco to detect suspicious activity in your cluster.

How to use Open Policy Agent and its Gatekeeper project to enforce policies when creating custom resources.

HashiCorp recently improved the wait_for configurations on several resources, as well as introduced an entirely new generic waiter. The new and improved configuration options allow you to specify whether Terraform should wait for a specific condition, or not, before continuing to apply your configuration or complete successfully.

Generate basic AWS IAM policies using client-side monitoring of calls made from the AWS CLI or SDKs.

Another way to enumerate AWS IAM users/roles without being authenticated to the victim account.

Cloudlist is a tool for listing Assets (Hostnames, IP Addresses) from multiple Cloud Providers.

kCTF is a Kubernetes-based infrastructure for CTF competitions.

AWS announced a free new digital curriculum: Managing Amazon Simple Storage Service, which covers techniques to simplify the management of S3 storage.

How you can programmatically assign and audit access to multiple AWS accounts for your AWS Single Sign-On (SSO) users and groups, using the AWS Command Line Interface (AWS CLI) and AWS CloudFormation.

Just as you can share a Drive folder with a person, you can also share a Drive folder with an IAM service account. Or a Sheet, or a Doc. Whatever it is you want to integrate into your GCP application.

Best practices for effective Cloud NAT monitoring in GCP: monitor port utilization, monitor the reasons behind Cloud NAT drops, leverage log-based metrics, monitor top endpoints and their drops, baseline a normalized error rate.

How to utilize Pub/Sub and Cloud Functions to store project level container image vulnerabilities in a centralized service or location.

Search for samples demonstrating the usage of Google Cloud products, across ML APIs, Storage, serverless, and more. You can filter by language and product.

The prevalence of Distributed Denial-of-Service (DDoS) attacks in 2020 has grown more than 50 percent with increasing complexity and a significant increase in the volume of DDoS traffic.

Recommendations for networking, security, identity, management, and monitoring of AKS clusters based on an organization's business requirements.